Esxcfg-Firewall Esxcfg-Nics Esxcfg-Vswitch Esxcfg-Vswif Esxcfg-Route Esxcfg-Vmknic


Jump To:
  Networking: Esxcfg-firewall, Esxcfg-nics, Esxcfg-vswitch, Esxcfg-vswif, Esxcfg-route, Esxcfg-vmknic
  Storage: Esxcfg-mpath, Esxcfg-nas, Esxcfg-swiscsi, Esxcfg-vmhbadevs
  General: Esxcfg-advcfg, Esxcfg-auth, Esxcfg-info, Esxcfg-resgrp, Esxcfg-upgrade
  Boot/Diagnostic: Esxcfg-boot, Esxcfg-dumppart, Esxcfg-init, Esxcfg-linuxnet, Esxcfg-module

Esxcfg-firewall

Description: Configures the service console firewall ports

Syntax: esxcfg-firewall <options>

Options:
  -q                              Lists current settings
  -q <service>                    Lists settings for the specified service
  -q incoming|outgoing            Lists settings for non-required incoming/outgoing ports
  -s                              Lists known services
  -l                              Loads current settings
  -r                              Resets all options to defaults
  -e <service>                    Allows specified service through the firewall (enables)
  -d <service>                    Blocks specified service (disables)
  -o <port,tcp|udp,in|out,name>   Opens a port
  -c <port,tcp|udp,in|out>        Closes a port previously opened by -o
  -h                              Displays command help
  -allowIncoming                  Allow all incoming ports
  -allowOutgoing                  Allow all outgoing ports
  -blockIncoming                  Block all non-required incoming ports (default value)
  -blockOutgoing                  Block all non-required outgoing ports (default value)

Default Services:
  AAMClient                Added by the vpxa RPM: Traffic between ESX Server hosts for VMware High Availability (HA) and EMC Autostart Manager - inbound and outbound TCP and UDP Ports 2050-5000 and 8042-8045
  activeDirectorKerberos   Active Directory Kerberos - outbound TCPs Port 88 and 464
  CIMHttpServer            First-party optional service: CIM HTTP Server - inbound TCP Port 5988
  CIMHttpsServer           First-party optional service: CIM HTTPS Server - inbound TCP Port 5989
  CIMSLP                   First-party optional service: CIM SLP - inbound and outbound TCP and UDP Ports 427
  commvaultDynamic         Backup agent: Commvault dynamic - inbound and outbound TCP Ports 8600-8619
  commvaultStatic          Backup agent: Commvault static - inbound and outbound TCP Ports 8400-8403
  ftpClient                FTP client - outbound TCP Port 21
  ftpServer                FTP server - inbound TCP Port 21
  kerberos                 Kerberos - outbound TCPs Port 88 and 749
  LicenseClient            FlexLM license server client - outbound TCP Ports 27000 and 27010
  nfsClient                NFS client - outbound TCP and UDP Ports 111 and 2049 (0-65535)
  nisClient                NIS client - outbound TCP and UDP Ports 111 (0-65535)
  ntpClient                NTP client - outbound UDP Port 123
  smbClient                SMB client - outbound TCP Ports 137-139 and 445
  snmpd                    SNMP services - inbound TCP Port 161 and outbound TCP Port 162
  sshClient                SSH client - outbound TCP Port 22
  sshServer                SSH server - inbound TCP Port 22
  swISCSIClient            First-party optional service: Software iSCSI client - outbound TCP Port 3260
  telnetClient             NTP client - outbound TCP Port 23
  TSM                      Backup agent: IBM Tivoli Storage Manager - inbound and outbound TCP Ports 1500
  veritasBackupExec        Backup agent: Veritas BackupExec - inbound TCP Ports 10000-10200
  veritasNetBackup         Backup agent: Veritas NetBackup - inbound TCP Ports 13720, 13732, 13734, and 13783
  vncServer                VNC server - Allow VNC sessions 0-64: inbound TCP Ports 5900-5964
  vpxHeartbeats            vpx heartbeats - outbound UDP Port 902

Note: You can configure your own services in the file /etc/vmware/firewall/services.xml

esxcfg-firewall examples:

Enable ssh client connections from the Service Console:
  # esxcfg-firewall -e sshClient

Disable the Samba client connections:
  # esxcfg-firewall -d smbClient

Allow syslog outgoing traffic:
  # esxcfg-firewall -o 514,udp,out,syslog

Turn off the firewall:
  # esxcfg-firewall -allowIncoming
  # esxcfg-firewall -allowOutgoing

Re-enable the firewall:
  # esxcfg-firewall -blockIncoming
  # esxcfg-firewall -blockOutgoing
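The -o and -c argument formats listed above, checked before use. This is an added example, not part of the original reference: the function names known_service and fw_port_cmds are hypothetical, the restriction on service-name characters is an assumption, and the script only prints command lines for review without running esxcfg-firewall.

```shell
#!/bin/sh
# Added example (not from the original page): build the change and rollback
# commands for one Service Console firewall port. Nothing is executed here;
# the functions only print esxcfg-firewall command lines for review.

# Single-port services copied from the "Default Services" table on this page.
known_service() {  # args: port proto direction
    case "$1,$2,$3" in
        21,tcp,out)   echo ftpClient ;;
        21,tcp,in)    echo ftpServer ;;
        22,tcp,out)   echo sshClient ;;
        22,tcp,in)    echo sshServer ;;
        123,udp,out)  echo ntpClient ;;
        902,udp,out)  echo vpxHeartbeats ;;
        3260,tcp,out) echo swISCSIClient ;;
        5988,tcp,in)  echo CIMHttpServer ;;
        5989,tcp,in)  echo CIMHttpsServer ;;
    esac
}

# fw_port_cmds "port,tcp|udp,in|out,name"
# Prints the command that opens the port, then the one that undoes it.
# Returns 1 and prints nothing if the spec is malformed.
fw_port_cmds() {
    IFS=, read -r port proto dir name extra <<EOF
$1
EOF
    [ -z "$extra" ] || return 1                      # more than four fields
    case "$port" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$dir" in in|out) ;; *) return 1 ;; esac
    # Assumption: keep the label to a shell-safe character set.
    case "$name" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    svc=$(known_service "$port" "$proto" "$dir")
    if [ -n "$svc" ]; then
        # A named service already covers this port: toggle it with -e / -d.
        echo "esxcfg-firewall -e $svc"
        echo "esxcfg-firewall -d $svc"
    else
        echo "esxcfg-firewall -o $port,$proto,$dir,$name"
        echo "esxcfg-firewall -c $port,$proto,$dir"
    fi
}
```

Keeping the printed -c or -d line next to the change record gives a ready rollback command for each port that was opened.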

Esxcfg-nics

Description: Prints a list of physical network adapters along with information on the driver, PCI device, and link state of each NIC. You can also use this command to control a physical network adapter's speed and duplexing.

Syntax: esxcfg-nics <options> [nic]

Options:
  -s <speed>    Set the speed of this NIC to one of 10/100/1000/10000. Requires a NIC parameter.
  -d <duplex>   Set the duplex of this NIC to one of 'full' or 'half'. Requires a NIC parameter.
  -a            Set speed and duplex automatically. Requires a NIC parameter.
  -l            Print the list of NICs and their settings.
  -r            Restore the NICs' configured speed/duplex settings. (Internal use only)
  -h            Displays command help

esxcfg-nics examples:

Set the speed and duplex of a NIC (vmnic2) to 100/Full:
  esxcfg-nics -s 100 -d full vmnic2

Set the speed and duplex of a NIC (vmnic2) to auto-negotiate:
  esxcfg-nics -a vmnic2

Esxcfg-vswitch

Description: Creates and updates virtual machine (vswitch) network settings

Syntax: esxcfg-vswitch <options> [vswitch[:ports]]

Options:
  -a               Add a new virtual switch.
  -d               Delete the virtual switch.
  -l               List all the virtual switches.
  -L <pnic>        Set pnic as an uplink for the vswitch.
  -U <pnic>        Remove pnic from the uplinks for the vswitch.
  -p <portgroup>   Specify a portgroup for operation. Use ALL for operation to work on all portgroups.
  -v <vlan id>     Set VLAN ID for portgroup specified by -p. 0 would disable the VLAN.
  -c               Check to see if a virtual switch exists. Program outputs a 1 if it exists, 0 otherwise.
  -A <name>        Add a new portgroup to the virtual switch.
  -D <name>        Delete the portgroup from the virtual switch.
  -C <name>        Check to see if a portgroup exists. Program outputs a 1 if it exists, 0 otherwise.
  -r               Restore all virtual switches from the configuration file. (Internal use only)
  -h               Displays command help

esxcfg-vswitch examples:

Add a pnic (vmnic2) to a vswitch (vswitch1):
  esxcfg-vswitch -L vmnic2 vswitch1

Remove a pnic (vmnic3) from a vswitch (vswitch0):
  esxcfg-vswitch -U vmnic3 vswitch0

Create a portgroup (VM Network 3) on a vswitch (vswitch1):
  esxcfg-vswitch -A "VM Network 3" vSwitch1

Assign a VLAN ID (3) to a portgroup (VM Network 3) on a vswitch (vswitch1):
  esxcfg-vswitch -v 3 -p "VM Network 3" vSwitch1

Esxcfg-vswif

Description: Creates and updates service console network settings. This command is used if you cannot manage the ESX Server host through the VI Client because of network configuration issues.

Syntax: esxcfg-vswif <options> [vswif]

Options:
  -a                      Add vswif, requires IP parameters. Automatically enables interface.
  -d                      Delete vswif.
  -l                      List configured vswifs.
  -e                      Enable this vswif interface.
  -s                      Disable this vswif interface.
  -p                      Set the portgroup name of the vswif.
  -i <x.x.x.x> or DHCP    The IP address for this vswif or specify DHCP to use DHCP for this address.
  -n <x.x.x.x>            The IP netmask for this vswif.
  -b <x.x.x.x>            The IP broadcast address for this vswif. (not required if netmask and ip are set)
  -c                      Check to see if a virtual NIC exists. Program outputs a 1 if the given vswif exists, 0 otherwise.
  -D                      Disable all vswif interfaces. (WARNING: This may result in a loss of network connectivity to the Service Console)
  -E                      Enable all vswif interfaces and bring them up.
  -r                      Restore all vswifs from the configuration file. (Internal use only)
  -h                      Displays command help.

Note: You can set the Service Console default gateway by editing the /etc/sysconfig/network file or through the VI Client under Configuration, DNS & Routing.

esxcfg-vswif examples:

Change your Service Console (vswif0) IP and Subnet Mask:
  esxcfg-vswif -i 172.20.20.5 -n 255.255.255.0 vswif0

Add a Service Console (vswif0):
  esxcfg-vswif -a vswif0 -p "Service Console" -i 172.20.20.40 -n 255.255.255.0

Esxcfg-route

Description: Sets or retrieves the default VMkernel gateway route

Syntax: esxcfg-route <options> [<network> [<netmask>] <gateway>]

<network> can be specified in 2 ways: as a single argument in <network>/<mask> format or as a <network> <netmask> pair. <gateway> is either an IP address or 'default'.

Options:
  -a   Add route to the VMkernel, requires network address (or 'default') and gateway IP address.
  -d   Delete route from the VMkernel, requires network address (or 'default').
  -l   List configured routes for the Service Console.
  -r   Restore route setting to configured values on system start. (Internal use only)
  -h   Displays command help

esxcfg-route examples:

Set the VMkernel default gateway route:
  esxcfg-route 172.20.20.1

Add a route to the VMkernel:
  esxcfg-route -a default 255.255.255.0 172.20.20.1

Esxcfg-vmknic

Description: Creates and updates VMkernel TCP/IP settings for VMotion, NAS, and iSCSI

Syntax: esxcfg-vmknic <options> [[portgroup]]

Options:
  -a             Add a VMkernel NIC to the system, requires IP parameters and portgroup name.
  -d             Delete VMkernel NIC on given portgroup.
  -e             Enable the given NIC if disabled.
  -D             Disable the given NIC if enabled.
  -l             List VMkernel NICs.
  -i <x.x.x.x>   The IP address for this VMkernel NIC. Setting an IP address requires that the -n option be given in the same command.
  -n <x.x.x.x>   The IP netmask for this VMkernel NIC. Setting the IP netmask requires that the -i option be given in the same command.
  -r             Restore VMkernel TCP/IP interfaces from configuration file. (Internal use only)
  -h             Displays command help

esxcfg-vmknic examples:

Add a VMkernel NIC and set the IP and subnet mask:
  esxcfg-vmknic -a "VM Kernel" -i 172.20.20.19 -n 255.255.255.0
